1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889
|
tcpdump (4.9.3-1~deb10u2) buster; urgency=high
* Cherry-pick commit 32027e1993 from the upstream tcpdump-4.9 branch to fix
untrusted input issue in the PPP printer (CVE-2020-8037, closes: #973877).
-- Romain Francoise <rfrancoise@debian.org> Sat, 07 Nov 2020 13:36:24 +0100
tcpdump (4.9.3-1~deb10u1) buster-security; urgency=high
* New upstream release, with fixes for 24 different CVEs (closes: #941698).
This is an upstream update on top of the 4.9.2-3 package and does not
include other changes from the 4.9.3 package in bullseye.
* Disable tests that require a newer libpcap version.
-- Romain Francoise <rfrancoise@debian.org> Sat, 19 Oct 2019 16:55:18 +0200
tcpdump (4.9.2-3) unstable; urgency=medium
[ Jamie Strandboge ]
* debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
have 'net_admin' and network module loading (which happens with -D) is
allowed with 'net_admin' (LP: #1759029) (closes: #894161)
[ Romain Francoise ]
* Switch to debhelper compatibility level 11.
* Bump Standards-Version to 4.1.3.
-- Romain Francoise <rfrancoise@debian.org> Sat, 31 Mar 2018 22:22:36 +0200
tcpdump (4.9.2-2) unstable; urgency=medium
* Use new URLs on salsa.debian.org for Vcs-* fields.
* Bump Standards-Version to 4.1.2.
-- Romain Francoise <rfrancoise@debian.org> Sun, 31 Dec 2017 15:53:41 +0100
tcpdump (4.9.2-1) unstable; urgency=high
* New upstream release:
+ Fixes 86 new CVEs, see the upstream changelog for the full list.
+ Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
* Urgency high due to security fixes.
-- Romain Francoise <rfrancoise@debian.org> Fri, 08 Sep 2017 21:30:47 +0200
tcpdump (4.9.1-3) unstable; urgency=high
* Cherry-pick three upstream commits to fix the following:
+ CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
+ CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
+ CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
* Urgency high due to security fixes.
-- Romain Francoise <rfrancoise@debian.org> Mon, 04 Sep 2017 19:45:45 +0200
tcpdump (4.9.1-2) unstable; urgency=medium
* Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).
-- Romain Francoise <rfrancoise@debian.org> Sat, 02 Sep 2017 11:01:30 +0200
tcpdump (4.9.1-1) unstable; urgency=medium
* New upstream release, fixes CVE-2017-11108 (closes: #867718).
* Bump Standards-Version to 4.1.0.
* debian/watch: add pgpsigurlmangle option.
* Add upstream signing key in debian/upstream.
-- Romain Francoise <rfrancoise@debian.org> Sat, 26 Aug 2017 18:48:32 +0200
tcpdump (4.9.0-3) unstable; urgency=medium
[ intrigeri ]
* Include AppArmor profile from Ubuntu (closes: #866682).
[ Romain Francoise ]
* Bump Standards-Version to 4.0.0.
-- Romain Francoise <rfrancoise@debian.org> Sun, 02 Jul 2017 12:13:53 +0200
tcpdump (4.9.0-2) unstable; urgency=medium
* Re-enable crypto support, targeting OpenSSL 1.0 as upstream still
doesn't support OpenSSL 1.1.
* Drop --enable-ipv6 from configure line, it has been the default for
years now.
-- Romain Francoise <rfrancoise@debian.org> Sat, 11 Feb 2017 16:40:05 +0100
tcpdump (4.9.0-1) unstable; urgency=high
* New upstream security release, fixing the following:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
* Re-enable all tests and bump build-dep on libpcap0.8-dev to >= 1.8
accordingly.
* Switch Vcs-Git URL to the https one.
* Adjust lintian override name about dh 9.
-- Romain Francoise <rfrancoise@debian.org> Thu, 26 Jan 2017 20:04:11 +0100
tcpdump (4.8.1-2) unstable; urgency=medium
* Disable new HNCP test, which fails on some buildds for some
as-of-yet unexplained reason.
-- Romain Francoise <rfrancoise@debian.org> Sat, 29 Oct 2016 19:40:01 +0200
tcpdump (4.8.1-1) unstable; urgency=medium
* New upstream release.
* Re-enable Geneve tests (disabled in 4.7.4-1) and bump build-dep on
libpcap0.8-dev to >= 1.7 accordingly.
* Disable new pcap version tests which require libpcap 1.8+.
-- Romain Francoise <rfrancoise@debian.org> Sat, 29 Oct 2016 17:16:06 +0200
tcpdump (4.7.4-3) unstable; urgency=medium
* Use dh-autoreconf instead of calling autoconf directly and patching
config.{guess,sub}.
* Call dh_auto_configure instead of configure in override target, patch
by Helmut Grohne (closes: #837951).
-- Romain Francoise <rfrancoise@debian.org> Sat, 17 Sep 2016 11:18:45 +0200
tcpdump (4.7.4-2) unstable; urgency=medium
* Disable crypto support as it causes FTBFS with OpenSSL 1.1.x and we
don't have a working fix upstream yet (closes: #828569).
* Bump Standards-Version to 3.9.8.
* Use cgit URL for Vcs-Browser.
-- Romain Francoise <rfrancoise@debian.org> Sun, 28 Aug 2016 18:16:50 +0200
tcpdump (4.7.4-1) unstable; urgency=medium
* New upstream release.
* Disable two geneve tests that require libpcap 1.7+.
* Bump Standards-Version to 3.9.6.
-- Romain Francoise <rfrancoise@debian.org> Sat, 23 May 2015 18:25:01 +0200
tcpdump (4.6.2-5) unstable; urgency=high
* Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona
from Ubuntu for the heads-up (closes: #781362).
-- Romain Francoise <rfrancoise@debian.org> Sat, 04 Apr 2015 19:10:27 +0200
tcpdump (4.6.2-4) unstable; urgency=high
* Cherry-pick changes from upstream Git to fix the following security
issues:
+ CVE-2015-0261: missing bounds checks in IPv6 Mobility printer.
+ CVE-2015-2153: missing bounds checks in RPKI/RTR printer.
+ CVE-2015-2154: missing bounds checks in ISOCLNS printer.
+ CVE-2015-2155: missing bounds checks in ForCES printer.
-- Romain Francoise <rfrancoise@debian.org> Sat, 14 Mar 2015 18:43:44 +0100
tcpdump (4.6.2-3) unstable; urgency=high
* Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
in the PPP dissector (CVE-2014-9140).
-- Romain Francoise <rfrancoise@debian.org> Sat, 29 Nov 2014 12:23:53 +0100
tcpdump (4.6.2-2) unstable; urgency=high
* Urgency high due to security fixes.
* Add three patches extracted from various upstream commits fixing
vulnerabilities in three dissectors:
+ CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434).
+ CVE-2014-8768: missing bounds checks in Geonet dissector
(closes: #770415).
+ CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424).
-- Romain Francoise <rfrancoise@debian.org> Sat, 22 Nov 2014 11:48:08 +0100
tcpdump (4.6.2-1) unstable; urgency=medium
* New upstream release.
-- Romain Francoise <rfrancoise@debian.org> Thu, 04 Sep 2014 18:53:34 +0200
tcpdump (4.6.1-3) unstable; urgency=medium
* Bump build-dep on libpcap0.8-dev to >= 1.5 as the pppoes_id test case
requires a pcap version that supports PPPoE session ID filtering.
-- Romain Francoise <rfrancoise@debian.org> Sat, 16 Aug 2014 17:38:28 +0200
tcpdump (4.6.1-2) unstable; urgency=medium
* Expand configure check for net/pfvar.h to also check for existence of
net/if_pflog.h to fix build on GNU/kFreeBSD, which ships the former
but not the latter, see #756553 (closes: #756790).
-- Romain Francoise <rfrancoise@debian.org> Mon, 04 Aug 2014 22:37:24 +0200
tcpdump (4.6.1-1) unstable; urgency=medium
* New upstream release.
* debian/control: Mark tcpdump 'Multi-Arch: foreign' (closes: #700727).
-- Romain Francoise <rfrancoise@debian.org> Wed, 30 Jul 2014 19:16:49 +0200
tcpdump (4.5.1-2) unstable; urgency=low
* Disable nflog-e testcase, the NFLOG header length is specified in host
byte order which makes capture files order-dependent (closes: #731031).
-- Romain Francoise <rfrancoise@debian.org> Sun, 01 Dec 2013 12:13:16 +0100
tcpdump (4.5.1-1) unstable; urgency=low
* New upstream release.
* Disable new pppoes testcase which uses a new pcap feature to avoid tying
the two upstream versions together.
* debian/control: Set Standards-Version to 3.9.5.
-- Romain Francoise <rfrancoise@debian.org> Sat, 30 Nov 2013 23:54:03 +0100
tcpdump (4.4.0-1) unstable; urgency=low
* New upstream release:
+ Fixes format error in NTP printer (closes: #686276).
+ Rewords -e description (closes: #648768).
* debian/control: Set Standards-Version to 3.9.4.
* Use canonical locations in Vcs-* fields.
-- Romain Francoise <rfrancoise@debian.org> Sat, 25 May 2013 13:50:30 +0200
tcpdump (4.3.0-1) unstable; urgency=low
* New upstream release.
* Re-enable test suite.
-- Romain Francoise <rfrancoise@debian.org> Wed, 13 Jun 2012 22:55:54 +0200
tcpdump (4.2.1-3) unstable; urgency=low
* Fix CPPFLAGS handling in upstream configure.in to avoid losing
hardening flags, patch by Simon Ruderich <simon@ruderich.org>
(closes: #662016).
* Fix some misspellings pointed out by lintian.
* debian/control: Set Standards-Version to 3.9.3.
-- Romain Francoise <rfrancoise@debian.org> Sat, 03 Mar 2012 17:11:48 +0100
tcpdump (4.2.1-2) unstable; urgency=low
* Drop debian/patches/50_kfreebsd.diff (closes: #658848).
-- Romain Francoise <rfrancoise@debian.org> Mon, 06 Feb 2012 19:01:12 +0100
tcpdump (4.2.1-1) unstable; urgency=low
* New upstream release.
* Upload to unstable.
-- Romain Francoise <rfrancoise@debian.org> Mon, 02 Jan 2012 20:19:22 +0100
tcpdump (4.2.0~rc1-2) experimental; urgency=low
* Make sure OpenSSL support gets enabled: since it moved to multiarch
paths, the configure script doesn't find libcrypto.so and disables
crypto support. To fix this, simplify detection logic in configure.in
and run autoconf before configuring.
* Redo build flags handling:
+ Enable hardening flags via dpkg-buildflags, not hardening-includes.
+ Switch to debhelper compat level 9 to have build flags exported
automatically.
+ Adjust build-depends accordingly.
* Enable parallel build in debhelper.
-- Romain Francoise <rfrancoise@debian.org> Sun, 06 Nov 2011 19:14:23 +0100
tcpdump (4.2.0~rc1-1) experimental; urgency=low
* New upstream beta release (closes: #636806); now switches to the -Z
user before opening the first output file (closes: #434603).
* debian/control: Set Standards-Version to 3.9.2.
-- Romain Francoise <rfrancoise@debian.org> Sun, 14 Aug 2011 10:44:58 +0200
tcpdump (4.1.1-2) unstable; urgency=low
* Fix FTBFS on GNU/Hurd; patch from Svante Signell (closes: #622287).
* debian/control: Tweak short and long descriptions, set
Standards-Version to 3.9.1.
-- Romain Francoise <rfrancoise@debian.org> Mon, 11 Apr 2011 22:37:29 +0200
tcpdump (4.1.1-1) unstable; urgency=low
* New upstream release (closes: #576001).
* debian/rules: Disable dh_auto_test (for now).
* debian/control: Set Standards-Version to 3.8.4.
* debian/patches/30_uflag_flushopen.diff: New patch: when saving to a
capture file with -U, flush the file immediately after opening it.
Suggested by Ferenc Wagner <wferi@niif.hu> (closes: #533625).
* debian/patches/20_man_fixes.diff: Fix TCP flags description, thanks to
Christophe Rhodes <csr21@cantab.net> (closes: #575724).
-- Romain Francoise <rfrancoise@debian.org> Tue, 06 Apr 2010 19:58:14 +0200
tcpdump (4.0.0-6) unstable; urgency=low
* debian/control: Build-depend on hardening-includes.
* debian/rules: Use hardening.make.
-- Romain Francoise <rfrancoise@debian.org> Thu, 24 Dec 2009 11:51:12 +0100
tcpdump (4.0.0-5) unstable; urgency=low
* Switch to 3.0 (quilt) source format:
+ Drop build-depends on quilt.
+ Remove patch/unpatch logic from debian/rules.
+ Remove README.source.
+ Refresh debian/patches/30_tcp_seq.diff.
* Use dh(1):
+ debian/compat: Bump to 7.
+ debian/control: Build-depend on debhelper (>= 7.0.50~).
+ debian/rules: Simplify.
+ debian/tcpdump.dirs: Removed.
-- Romain Francoise <rfrancoise@debian.org> Sun, 08 Nov 2009 17:25:38 +0100
tcpdump (4.0.0-4) unstable; urgency=low
* debian/control:
+ Add ${misc:Depends} to Depends.
+ Set Standards-Version to 3.8.3; no changes needed.
* debian/{watch,README.source}: New files.
* debian/copyright: Remove link to original file.
-- Romain Francoise <rfrancoise@debian.org> Thu, 08 Oct 2009 19:00:23 +0200
tcpdump (4.0.0-3) unstable; urgency=low
* debian/patches/20_man_fixes.diff: Update; pcap-filter is in section 7,
not 4 (closes: #527599).
* debian/control: Set Standards-Version to 3.8.1.
-- Romain Francoise <rfrancoise@debian.org> Tue, 16 Jun 2009 11:51:14 +0200
tcpdump (4.0.0-2) unstable; urgency=low
* debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back
default display of sequence numbers in TCP printer (closes: #517661).
* debian/patches/series: Update.
-- Romain Francoise <rfrancoise@debian.org> Sun, 01 Mar 2009 14:51:25 +0100
tcpdump (4.0.0-1) unstable; urgency=low
* Upload to unstable.
-- Romain Francoise <rfrancoise@debian.org> Wed, 18 Feb 2009 18:55:35 +0100
tcpdump (4.0.0-1~exp1) experimental; urgency=low
* New upstream release.
* debian/control: Set Standards-Version to 3.8.0.
* debian/rules: Don't set DH_VERBOSE.
* debian/patches/15_install.diff: New patch, don't install two identical
tcpdump binaries.
-- Romain Francoise <rfrancoise@debian.org> Sun, 30 Nov 2008 22:55:39 +0100
tcpdump (3.9.8-4) unstable; urgency=low
* debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3),
not (>= 0.9.3-1).
-- Romain Francoise <rfrancoise@debian.org> Sat, 08 Mar 2008 19:24:02 +0100
tcpdump (3.9.8-3) unstable; urgency=low
* debian/copyright: Convert to UTF-8 encoding.
* debian/control: Set Standards-Version to 3.7.3, no changes needed.
-- Romain Francoise <rfrancoise@debian.org> Sun, 23 Dec 2007 14:32:17 +0100
tcpdump (3.9.8-2) unstable; urgency=low
* debian/control: Add Vcs-Browser and Vcs-Git fields.
* debian/patches/50_kfreebsd.diff: New patch by Petr Salinger fixing
FTBFS on Debian GNU/kFreeBSD (closes: #448695).
-- Romain Francoise <rfrancoise@debian.org> Sat, 03 Nov 2007 11:12:53 +0100
tcpdump (3.9.8-1) unstable; urgency=low
* New upstream release.
-- Romain Francoise <rfrancoise@debian.org> Thu, 27 Sep 2007 22:41:53 +0200
tcpdump (3.9.7-2) unstable; urgency=low
* debian/control: Move upstream URL to the Homepage header.
-- Romain Francoise <rfrancoise@debian.org> Fri, 21 Sep 2007 19:48:05 +0200
tcpdump (3.9.7-1) unstable; urgency=low
* New upstream release.
* debian/patches/41_cve-2007-3798.diff: Deleted.
* debian/patches/40_cve-2007-1218.diff: Deleted.
* debian/patches/series: Update.
-- Romain Francoise <rfrancoise@debian.org> Sun, 12 Aug 2007 12:45:31 +0200
tcpdump (3.9.5-4) unstable; urgency=low
* debian/rules: Don't ignore errors in clean target.
* debian/patches/50_autotools-dev.diff: New patch, make config.{guess,sub}
exec newer versions of themselves if autotools-dev is installed.
* debian/patches/series: Update.
* debian/control: Add build-depends on autotools-dev.
-- Romain Francoise <rfrancoise@debian.org> Sat, 11 Aug 2007 20:18:34 +0200
tcpdump (3.9.5-3) unstable; urgency=medium
* Convert to quilt for patch management:
+ debian/control: Build-Depend on quilt (>= 0.40) instead of dpatch.
+ debian/rules: Include /usr/share/quilt/quilt.make.
+ Convert all dpatch patches to regular patches.
* debian/patches/41_cve-2007-3798.diff: New patch, fixes an integer
overflow in the BGP dissector (CVE-2007-3798), thanks to Daniel Leidert
(closes: #434030).
* debian/patches/series: Update.
-- Romain Francoise <rfrancoise@debian.org> Wed, 01 Aug 2007 19:56:04 +0200
tcpdump (3.9.5-2) unstable; urgency=medium
* debian/patches/40_cve-2007-1218.dpatch: New patch, fixes a potential
buffer overflow in the 802.11 printer (CVE-2007-1218), thanks to
Moritz Muehlenhoff <jmm@debian.org> (closes: #413430).
* debian/patches/00list: Update.
-- Romain Francoise <rfrancoise@debian.org> Mon, 5 Mar 2007 20:22:50 +0100
tcpdump (3.9.5-1) unstable; urgency=low
* New upstream release.
* debian/patches/20_man_fixes.dpatch: Resync.
-- Romain Francoise <rfrancoise@debian.org> Sat, 23 Sep 2006 21:13:07 +0200
tcpdump (3.9.4-4) unstable; urgency=low
* debian/compat: Switch to debhelper compatibility level 5.
* debian/control:
+ Build-Depend on debhelper (>= 5).
+ Remove Uploaders field.
+ Bump Standards-Version to 3.7.2, no changes needed.
* debian/rules: Misc. cleanups.
-- Romain Francoise <rfrancoise@debian.org> Sat, 20 May 2006 13:07:45 +0200
tcpdump (3.9.4-3) unstable; urgency=low
* debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
<agcosta@gis.net> fixing a few typos (closes: #351014).
-- Romain Francoise <rfrancoise@debian.org> Thu, 2 Feb 2006 22:24:04 +0100
tcpdump (3.9.4-2) unstable; urgency=low
* debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
<agcosta@gis.net> fixing a few typos (closes: #342310).
-- Romain Francoise <rfrancoise@debian.org> Sat, 10 Dec 2005 14:26:20 +0100
tcpdump (3.9.4-1) unstable; urgency=low
* New upstream release.
* debian/patches/40_spelling.dpatch: Dropped (included upstream).
* debian/patches/30_version.dpatch: Dropped.
* debian/patches/30_vlan_eflag: New patch, reverse test for eflag in
print-ether.c to match the intended effect (closes: #324706).
* This upload also transitions tcpdump to OpenSSL 0.9.8.
-- Romain Francoise <rfrancoise@debian.org> Sun, 9 Oct 2005 20:11:49 +0200
tcpdump (3.9.3-2) unstable; urgency=low
* debian/patches/40_spelling.dpatch: New patch, fixes spelling errors
("advertisment" vs. "advertisement"), thanks to Michael Shields
<shields@msrl.com> (closes: #318676).
* debian/patches/00list: Update.
-- Romain Francoise <rfrancoise@debian.org> Sun, 17 Jul 2005 12:28:22 +0200
tcpdump (3.9.3-1) unstable; urgency=low
* New upstream release.
* Build-Depend on libpcap0.8-dev (which is really libpcap 0.9.3).
* debian/patches/30_ascii-output.dpatch: Dropped (merged upstream).
* debian/patches/30_version: New patch, fixes upstream version (still at
3.9.2 while this is version 3.9.3).
* debian/patches/00list: Update.
-- Romain Francoise <rfrancoise@debian.org> Sat, 16 Jul 2005 14:59:30 +0200
tcpdump (3.9.1-1) unstable; urgency=low
* New upstream release.
* debian/patches/30_ascii-output.dpatch: New patch, fixes -x, -X and -A
priorities and removes extra newline and tab characters in the ascii
output (closes: #285764, #316908).
* debian/patches/00list: Update.
-- Romain Francoise <rfrancoise@debian.org> Wed, 6 Jul 2005 20:17:19 +0200
tcpdump (3.9.0.cvs.20050622-1) unstable; urgency=low
* New CVS snapshot.
* debian/control: Bump Standards-Version to 3.6.2.1, no changes needed.
-- Romain Francoise <rfrancoise@debian.org> Wed, 22 Jun 2005 19:52:31 +0200
tcpdump (3.9.0.cvs.20050614-1) unstable; urgency=low
* New CVS snapshot.
* Upload to unstable.
-- Romain Francoise <rfrancoise@debian.org> Tue, 14 Jun 2005 19:43:24 +0200
tcpdump (3.9.0.cvs.20050529-1) experimental; urgency=low
* New upstream CVS snapshot for experimental.
-- Romain Francoise <rfrancoise@debian.org> Sun, 29 May 2005 12:55:31 +0200
tcpdump (3.9.0.cvs.20050511-1) experimental; urgency=low
* Upstream CVS snapshot of tcpdump 3.9 for experimental.
* debian/patches/20_man_fixes.dpatch: Resynchronized.
* debian/patches/30_openssl_des.dpatch: Dropped (fixed upstream).
* debian/patches/40_ipv6cp.dpatch: Ditto.
* debian/patches/50_misc_dos.dpatch: Ditto.
* debian/patches/00list: Update.
* debian/control: Build with libpcap0.9, also in experimental.
-- Romain Francoise <rfrancoise@debian.org> Wed, 11 May 2005 20:00:31 +0200
tcpdump (3.8.3-5) unstable; urgency=low
* debian/copyright: Clarify license conditions, some files in the
distribution are still under the 4-clause BSD license (closes: #283008).
* debian/changelog: Revise 3.8.3-4 entry to add CAN numbers (which have
been assigned in the meantime).
-- Romain Francoise <rfrancoise@debian.org> Sun, 1 May 2005 17:23:45 +0200
tcpdump (3.8.3-4) unstable; urgency=high
* Urgency set to high due to security fixes.
* debian/patches/50_misc_dos.dpatch: Security fixes stolen from the 3.8
branch fix infinite loops in the BGP, ISIS, LDP and RSVP dissectors
[CAN-2005-1278, CAN-2005-1279, CAN-2005-1280] (closes: #306529).
* debian/patches/00list: Add 50_misc_dos.
-- Romain Francoise <rfrancoise@debian.org> Wed, 27 Apr 2005 21:05:37 +0200
tcpdump (3.8.3-3) unstable; urgency=low
* debian/patches/40_ipv6cp.dpatch: New patch, do not try to print IPV6CP
ppp packets, the dissector doesn't support it (closes: #255179).
* debian/patches/00list: Add 40_ipv6cp.
-- Romain Francoise <rfrancoise@debian.org> Sat, 19 Jun 2004 15:01:27 +0200
tcpdump (3.8.3-2) unstable; urgency=low
* debian/rules: Enable crypto support (closes: #82581, #93428).
* debian/control:
+ Build-Depend on libssl-dev.
+ Put back URL markers in description.
+ Switch Maintainer and Uploaders fields to match reality.
* debian/patches/30_openssl_des.dpatch: Patch to make upstream's
configure script check for DES_cbc_encrypt instead of des_cbc_encrypt,
(the function got renamed in OpenSSL 0.9.7), which saves us the hassle
of re-running autoconf. Temporary hack since upstream has fixed this
in CVS already.
* debian/patches/00list: Add 30_openssl_des.
-- Romain Francoise <rfrancoise@debian.org> Fri, 14 May 2004 22:14:08 +0200
tcpdump (3.8.3-1) unstable; urgency=low
* New upstream release.
* debian/rules:
+ Add -D_FILE_OFFSET_BITS=64 to default CFLAGS to match libpcap
(closes: #154762).
+ Use dpatch for patch management.
+ Clean up CFLAGS handling.
+ Support DEB_BUILD_OPTIONS.
* debian/control:
+ Build-Depend on libpcap0.8-dev, dpatch.
+ Add versioned Build-Depends on debhelper.
+ Remove Emacs-style URL markers from description.
* debian/compat: New file.
* debian/copyright: Update.
* debian/tcpdump.docs: Do not install upstream INSTALL file.
* debian/patches: New directory.
* debian/patches/10_man_install.dpatch: Patch split off the Debian diff
to change man install paths in upstream Makefile.in.
* debian/patches/20_man_fixes.dpatch: Patch split off the Debian diff to
fix some inconsistencies in the upstream man page.
* debian/patches/00list: New file (patch list).
-- Romain Francoise <rfrancoise@debian.org> Tue, 11 May 2004 14:02:09 +0200
tcpdump (3.7.2-4) unstable; urgency=high
* Urgency high due to security fixes.
* Backport changes from upstream CVS to fix ISAKMP payload handling
denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184).
Detailed changes (with corresponding upstream revisions):
+ Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47)
+ Add data checks all over the place, change rawprint() prototype and
add corresponding return value checks (print-isakmp.c, rev. 1.46)
+ Add missing ntohs() and change length initialization in
isakmp_id_print(), not porting prototype changes (print-isakmp.c,
rev. 1.45)
-- Romain Francoise <rfrancoise@debian.org> Tue, 6 Apr 2004 19:39:24 +0200
tcpdump (3.7.2-3) unstable; urgency=low
* Backport changes from upstream CVS to fix several vulnerabilities in
ISAKMP, L2TP and Radius parsing (closes: #227844, #227845, #227846).
-- Romain Francoise <rfrancoise@debian.org> Sat, 17 Jan 2004 14:12:30 +0100
tcpdump (3.7.2-2) unstable; urgency=low
* Acknowledge NMU by Romain (closes: #208543).
* Apply man page fixes by Romain:
+ networks(4) changed to networks(5) (closes: #194180).
+ ethers(3N) changed to ethers(5) (closes: #197888).
* debian/control: Added Romain Francoise as co maintainer. Thanks for
your help, Romain!
-- Torsten Landschoff <torsten@debian.org> Sun, 19 Oct 2003 04:12:31 +0200
tcpdump (3.7.2-1.1) unstable; urgency=low
* NMU
* Reverse order of #include directives in print-sctp.c so that
IPPROTO_SCTP is defined (closes: #208543).
-- Romain Francoise <rfrancoise@debian.org> Sun, 12 Oct 2003 17:06:01 +0200
tcpdump (3.7.2-1) unstable; urgency=low
* New upstream release (closes: #195816).
-- Torsten Landschoff <torsten@debian.org> Sun, 8 Jun 2003 00:14:44 +0200
tcpdump (3.7.1-1.2) unstable; urgency=high
* Non-maintainer upload
* Apply security fixes from 3.7.2
- Fixed infinite loop when parsing malformed isakmp packets.
(CAN-2003-0108)
- Fixed infinite loop when parsing malformed BGP packets.
- Fixed buffer overflow with certain malformed NFS packets.
-- Matt Zimmerman <mdz@debian.org> Thu, 27 Feb 2003 11:00:32 -0500
tcpdump (3.7.1-1.1) unstable; urgency=low
* NMU
* Simple rebuild to deal with libpcap0->libpcap0.7 transition.
Sourceful NMU so that every arch rebuilds it.
-- LaMont Jones <lamont@debian.org> Wed, 14 Aug 2002 21:25:45 -0600
tcpdump (3.7.1-1) unstable; urgency=low
* New upstream release (closes: #138052).
-- Torsten Landschoff <torsten@debian.org> Sat, 3 Aug 2002 23:54:04 +0200
tcpdump (3.6.2-2) unstable; urgency=HIGH
* print-rx.c: Take the version from current CVS fixing the remote
buffer overflow reported in FreeBSD Security Advisory SA-01:48
yesterday. Thanks to Matt Zimmerman for forwarding the report,
I might have missed it.
* debian/control: Clean the Build-Depends from build-essential
packages.
-- Torsten Landschoff <torsten@debian.org> Thu, 19 Jul 2001 15:03:48 +0200
tcpdump (3.6.2-1) unstable; urgency=low
* New upstream release.
-- Torsten Landschoff <torsten@debian.org> Tue, 6 Mar 2001 04:18:16 +0100
tcpdump (3.6.1-2) unstable; urgency=low
* debian/rules: Force support for IPv6 (closes: #82665).
* print-icmp6.c: Removed duplicate definition also in icmp6.h to
get the package to compile with IPv6.
* Rebuild should fix the missing libpcap0-dependency (closes: #82666).
Additional info: The missing dependency was because the configure
script found my libpcap sources in the parent directory. Black magic
always works against you :(
-- Torsten Landschoff <torsten@debian.org> Thu, 18 Jan 2001 00:44:01 +0100
tcpdump (3.6.1-1) unstable; urgency=high
* Taking back the package. Kudos to Anand for his help.
* New upstream release. This release fixes a security hole in print-rx.c.
* debian/rules: Disable crypto support (closes: #81969).
* Removed empty README.Debian (closes: #81966).
-- Torsten Landschoff <torsten@debian.org> Tue, 16 Jan 2001 16:04:03 +0100
tcpdump (3.5.2-3) unstable; urgency=low
* Fixup dependancy stuff. Sheesh. (Closes: #78063, #78081, #78082)
-- Anand Kumria <wildfire@progsoc.org> Tue, 28 Nov 2000 02:16:01 +1100
tcpdump (3.5.2-2) unstable; urgency=low
* Update both config.guess and config.sub (Closes: #36692, #53145)
* Opps, make the .diff available.
* We require a particular libpcap version to work (Closes: #77877)
-- Anand Kumria <wildfire@progsoc.org> Mon, 27 Nov 2000 01:13:55 +1100
tcpdump (3.5.2-1) unstable; urgency=low
* New Maintainer
* New upstream release (Closes: #75889)
* Upstream added hex dump (-x) and ascii dump (-X) Closes: #23514, #29418)
* Acknowledge and incorporate security fixes (Closes: #63708, #77489)
* Appletalk / Ethertalk patches are in (Closes: #67642)
-- Anand Kumria <wildfire@progsoc.org> Wed, 22 Nov 2000 13:19:33 +1100
tcpdump (3.4a6-4.1) frozen unstable; urgency=high
* Non-maintainer upload by security team
* Apply patch from tcpdump-workers mailinglist to fix DNS DoS attack
against tcpdump. Based on patch from Guy Harris <gharris@flashcom.net> as
found on http://www.tcpdump.org/lists/workers/1999/msg00607.html
* Fix Build-Depends entry in debian/control
-- Wichert Akkerman <wakkerma@debian.org> Sun, 7 May 2000 15:17:33 +0200
tcpdump (3.4a6-4) unstable; urgency=low
* New maintainer.
* tcpdump.c (main): Reestablish priviliges before closing the device
(closes: #19959).
* It seems the problem with ppp came from the kernel - I can dump
packages on ppp0 just fine... (closes: #25757)
* print-tcp.c (tcp_print): Applied patch from David S. Miller submitted
by Andrea Arcangeli to fix tcpdump sack TCP option interpretation
(closes: #28530).
* print-bootp.c (rfc1048_print): Interpret timezone offset as signed
(closes: #40376). Fixed byte order problem in printing internet
addresses (closes: #40375). Thanks to Roderick Schertler for the patch.
* Several files: Applied SMB patch from samba.org (closes: #27653).
* print-ip.c (ip_print): Check for ip headers with less than 5 longs.
Patch taken from RedHat's source package.
* Redid debian/rules using debhelper.
* Makefile.in: Install the manpage into man8 instead of man1.
* tcpdump.1: Moved to section 8 (admin commands).
* print-smb.c (print_smb): Disabled anything but printing the command
info by default. Otherwise we would get flooded with smb information.
You can get all info using -vvv. Two -v's will give you the SMB headers.
* tcpdump.1: Documented the behaviour described above.
-- Torsten Landschoff <torsten@debian.org> Mon, 22 Nov 1999 01:31:44 +0100
tcpdump (3.4a6-3) frozen unstable; urgency=low
* fixed permissions
-- Peter Tobias <tobias@et-inf.fho-emden.de> Mon, 30 Mar 1998 02:28:39 +0200
tcpdump (3.4a6-2) frozen unstable; urgency=low
* rebuild with latest debmake, fixes #19415
(should also fix the lintian warnings)
* updated standards-version
-- Peter Tobias <tobias@et-inf.fho-emden.de> Mon, 30 Mar 1998 00:28:39 +0200
tcpdump (3.4a6-1) unstable; urgency=low
* updated to latest upstream version, fixes: Bug#17163
* install changelog.Debian compressed, fixes: Bug#15417
-- Peter Tobias <tobias@et-inf.fho-emden.de> Sun, 1 Feb 1998 00:08:31 +0100
tcpdump (3.4a4-1) unstable; urgency=low
* updated to latest upstream version
* libc6 version
-- Peter Tobias <tobias@et-inf.fho-emden.de> Wed, 17 Sep 1997 23:22:54 +0200
tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium
* updated to latest upstream version (works with new libpcap now)
-- Peter Tobias <tobias@et-inf.fho-emden.de> Sat, 24 May 1997 00:49:17 +0200
tcpdump (3.3-2) unstable; urgency=low
* fixed SLIP support
-- Peter Tobias <tobias@et-inf.fho-emden.de> Sun, 16 Feb 1997 21:06:51 +0100
tcpdump (3.3-1) unstable; urgency=low
* updated to latest upstream version
-- Peter Tobias <tobias@et-inf.fho-emden.de> Thu, 16 Jan 1997 01:34:00 +0100
|